“When shopping for SIM vendors: 1) Learn about the organization, not just the product and its price tag (though SIM products do have a large price variance). 2) Read the customer testimonials to understand what kind of problems customers were able to solve. 3) Make sure the critical assets, such as servers and firewalls, can be covered, but leave room for some flexibility. 4) See a product demonstration, preferably a live system where the flow of data can be seen. 5) Ask questions of the sales team that they may not be able to answer. The purchaser has to live with this product, and he/she needs to be confident that the vendor as a whole is doing what is in his/her best interest and the product is going to address the organization’s needs. 6) Get a feel for how the product is deployed and what the responsibilities are going to be during deployment. It is pretty safe to assume that the SIM vendors have deployed more SIM solutions than the buyer, so they should be able to answer any questions about how they will deploy in the organization’s environment.”

Resource: Security Information Management: Not Just the Next Big Thing

Source: Nicole Pauls, Information Systems Audit and Control Association

SIM Resource Guide Section: Security Information Management Purchasing Best Practices